BGP AS Path Prepending or BGP prepend is a common technique for incoming path manipulating. When we want to engineer the traffic coming from another BGP AS to our BGP AS, BGP AS prepending is one of the most common mechanisms. There are cases BGP AS Prepend doesn't work and shouldn't be used as well, and in this post, we will look at them too by using the below topology.
In the above topology, we have two BGP Autonomous Systems. AS 200 is Customer BGP AS, and AS 100 is Provider BGP AS. As a customer, AS 200 wants AS100 to send the traffic over the left path as a Primary path and the right path as a backup path as is depicted in the above topology.
When we want to have Primary and Backup Paths as it is depicted in the above topology. BGP AS Path Prepending technique is used to influence upstream BGP Autonomous Systems' decision. BGP Prepend means, adding our BGP AS to the AS-path multiple times. In the above topology, 10.0.10.0/24 network's BGP AS 200 is advertised with 3 AS prepend. By default when the prefix is advertised to EBGP neighbor, announcing AS adds its AS number one time. Thus, over the primary path in the above topology, 10.0.10.0/24 is announced just 1 time, and AS Path is shown as AS 200.
1 is already announced and an additional 3 AS Prepend, over the backup path in the above topology, a total of 4 times AS number is sent. And the expectation is, upstream BGP AS, AS 100 would do the BGP best-path selection decision based on AS Path attribute and it chooses a shorter AS Path link over the longer AS Path link, thus Customer's expectation can be achieved and the left path can be used a primary and right path can be used as a backup.
What if upstream AS, AS 100 doesn't use AS Path attribute as the best path selection criteria but already increased its BGP Local Preference value over the right path. BGP Local Preference attribute is compared before the BGP As-path attribute, thus AS 100 would send the traffic over the right path which is expected as a backup by the Customer. So, your upstream Service Provider BGP policy and your BGP policy may not always be the same.
You may want them to influence the BGP best-path selection based on AS-path thus you try to do AS path prepend, but they might be using BGP Local preference as their best path selection decision. In this case, BGP communities are used. With the BGP community, the idea is the same. The customer wants to influence the BGP best-path selection decision of the upstream provider and uses the BGP Community attribute instead of the BGP AS-path attribute.
With BGP Prepend, basically, we increased the number of BGP ASes in the AS-Path by adding our own AS number multiple times. We are telling the upstream connection that, don't prefer this link. Find another way to send the traffic to us. There are some attack types on the Internet. These are Sub-prefix Hijacks, Exact-Prefix Hijacks, some types of BGP Route Leaks, and so on. Prepending AS multiple times increases the Exact Prefix Hijack Attack chance a lot.
Because with this attack, the attacker wants to influence the traffic by announcing your own BGP AS number, claiming they are the real owner of the BGP AS, but their AS-path length is shorter, and the networks that they see the attacker is closer, send the traffic to the attacker networks.BGP AS Path prepending just helps the attacker to be successful. Another reason why we shouldn't use excessive BGP Prepend is, that many AS on the Internet filter excessive AS Path length announcements.
Orhan Ergun, CCIE/CCDE Trainer, Author of Many Networking Books, Network Design Advisor, and Cisco Champion 2019/2020/2021
He created OrhanErgun.Net 10 years ago and has been serving the IT industry with his renowned and awarded training.
Wrote many books, mostly on Network Design, joined many IETF RFCs, gave Public talks at many Forums, and mentored thousands of his students.
Today, with his carefully selected instructors, OrhanErgun.Net is providing IT courses to tens of thousands of IT engineers.
I passed the CCDE Practical exam and Orhan’s CCDE course was very important contributor to my success. I attended the CCDE course of Orhan Ergun in July and it was exactly what I needed, Orhan is taking the pain to break down the different technologies.
After I attended Orhan Ergun’s CCDE course I passed the CCDE practical exam.I really enjoyed the course a lot ...
I signed up for Orhan’s CCDE training. This training is very technically detailed and the use-cases, quizzes, scenarios, and mind maps are all great resources in the overall training program. Orhan teaches his students to think like a network designer ...
Orhan is forcing you to take off the implementation hat that most of us have been wearing for many years, instead he is providing a new fancy design hat, which makes you see and deal with the issues presented ...
I’ve used Orhan’s self-paced CCDE training material. If you are interested in knowing how all the technologies go together in a coherent design i can highly recommend it.I also enjoyed the Quizzes which helped pick out my weak spots in selecting ...
Hi Orhan. I passed the CCDE exam on February 22. I read everything that you put on your Self Paced CCDE Training course and it was very helpful in my success. Thank you very much.
I attended Orhan’s April 201610 days CCDE Bootcamp. I am CCDE now !
You can tell Orhan has a great deal of experience, it really comes through when he presents his design case studies and the CCDE Practical scenarios.
Your excellent CCDE materials and amazing Bootcamp helped me tremendously through my learning journey.Also thank you very much for being available whenever I have a design question or a complex design topics. I can’t compare your design skills ...
Thanks Orhan very much for this course. It helped strengthen my “Network design mind”.
Training by Orhan is not a CCDE preperation training only. It will be useful for engineers which are dealing with design. You want to pass CCDE exam or learn network design, then don’t look at anywhere else!
Orhan Ergun’s CCDE course was really very good. CCDE Level Intelligence was delivered very well and with very useful case studies and the scenarios, I am thankful to Orhan for all his help!
If anyone wants to understand network design and architecture, also pass CCDE exam , I recommend you to attend Orhan’s online courses! I am a CCDE now but learning is a journey, we will be together in your other courses too Orhan!
Orhan did an excellent job of filling in the gaps of knowledge that I had that took me to the finish line of the practical exam CCDE. The community of people that Orhan facilitates are both engaging and supportive of the journey to CCDE. Orhan ...
Just passed the CCDE Practical exam! I attended Orhan Ergun’s CCDE training program , used Orhan’s Instructor Led and Self-Paced CCDE training and Online CCDE Practical Scenarios during my CCDE journey. Orhan’s CCDE In Depth book is an excellent summary ...
Hi everyone, I’ve just passed the CCDE Exam. My Number is CCDE 2018::6 I attended to Online CCDE Bootcamp of Orhan. I want to thank Orhan not only for the great book and bootcamp, but also for his commitment, availability and willingness to assist the ...
Hi guys, I’m so happy that I passed the exam. I’ve already got my number CCDE 2018::1. Thanks to Orhan for being the best CCDE instructor in the world. I highly recomend Orhan’s CCDE Training and In-Depth-CCDE ...
Hi Orhan I passed CCDE Practical exam on November 2017 ! I really enjoyed your materials and quizzes and use cases. They were definitely helpful in my preparation. Thanks a lot !
I attended Orhan’s CCDE Training in Istanbul and it was very helpful in my preparation. I passed the exam recently and I want to say Thank you Orhan! For those who want to pass the CCDE exam, definitely start with ...
I registered to Orhan’s training in Feb 2017. From that time, I attended Orhan’s training several times. The depth of knowledge which Orhan has is amazing, and how to present such consistent knowledge to the ...
I passed the CCDE Practical Lab exam on November 17,2016 from supplications of elders and dedication from my Sensei Mr. Orhan Ergun I took different CCDE bootcamps in the past. Orhan has the most depth and expertise ...
Hi Orhan I wanted to pass along my appreciation for the outstanding training material. I used the online CCDE training provided by Orhan as well as the In-Depth-CCDE book and passed the exam in February 2018. Thank you Orhan!
I signed up for Orhan’s CCDE Self paced Course. This course, along with the CCDE In Depth book, helped me for my CCDE Practical as well as Written exams. It pushed me to ask the "WHY" questions and allowed ...
Write a public review